Cryptographic protocols are commonly used by computing devices to securely transmit information over the Internet. Such protocols may implement various types of cryptographic keys to encrypt and/or decrypt communications, as well as certificates to enable a computing device to verify the identities of hosts with which the computing device is communicating. These keys and certificates are generally stored in a credentials data store, such as a key store or a trust store, and are accessed by the computing device to generate one or more credentials managers, such as one or more key managers and/or trust managers. The credentials managers are then used to verify the identities of host devices and to transmit encrypted communications to, as well as receive encrypted communications from, the host devices.
In cloud computing applications, cryptographic protocols may be implemented by an application running on a virtual machine (VM) to enable the application to securely communicate with multiple hosts and determine whether communications received from a particular host should be trusted. For example, in multi-tiered cloud computing applications, a management application may use one or more trust managers to authenticate different hosts associated with one or more cloud computing platform providers.
During deployment of a multi-tiered application, various virtual machines (VMs) in hosts and/or cloud computing platform providers may be added to or removed from a listing of trusted hosts. As such, keys and/or certificates associated with the VMs in the hosts and cloud computing platform providers may be added to or removed from the credentials data store. In some cases, the management application may be executing in a runtime environment, such as a Java Virtual Machine (JVM), in which credentials managers are generated only when the runtime environment is launched and cannot be modified to add or remove keys and/or certificates while the runtime environment is running. Consequently, if new keys and/or certificates are received during execution of the management application, the runtime environment and, with it, the application must be restarted in order to generate new credentials managers. As a result, adding or removing trusted hosts generally requires increased downtime and administrative costs.
Further, current runtime environment implementations typically allow only one set of credentials managers to be implemented for applications running on a particular runtime environment. Consequently, when multiple users are running an application or applications on a virtual machine, the users must share a single set of global credentials managers, preventing trusted hosts from being selected on a per-user basis. Accordingly, system administrators face challenges when attempting to update and manage keys and certificates to be used by a runtime environment.
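As an added illustration, not code from this document or from any product it describes, the following Java class shows the kind of credentials manager the two paragraphs above contrast with: an X509TrustManager whose trust store can be rebuilt while the JVM keeps running, so a trusted host can be added or removed without a restart, and of which a separate instance can be created per user. The class name, the trustHost method and the per-user arrangement are assumptions of this example.

```java
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

/** Trust manager whose delegate is rebuilt from a new trust store without restarting the JVM (assumed name). */
public final class ReloadableTrustManager implements X509TrustManager {
    // volatile so a reload() on one thread is seen by TLS handshakes running on other threads
    private volatile X509TrustManager delegate;

    /** One instance per user, each backed by that user's own trust store, avoids a single global manager. */
    public ReloadableTrustManager(KeyStore trustStore) throws GeneralSecurityException {
        reload(trustStore);
    }

    /** Rebuild the delegate from the given trust store; new handshakes use the new set of trusted issuers. */
    public void reload(KeyStore trustStore) throws GeneralSecurityException {
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trustStore);
        for (TrustManager tm : tmf.getTrustManagers()) {
            if (tm instanceof X509TrustManager) {
                delegate = (X509TrustManager) tm;
                return;
            }
        }
        throw new GeneralSecurityException("no X509TrustManager for algorithm " + tmf.getAlgorithm());
    }

    /** Trust an additional host at runtime: add its certificate to the store, then rebuild the delegate. */
    public void trustHost(KeyStore trustStore, String alias, X509Certificate cert) throws GeneralSecurityException {
        trustStore.setCertificateEntry(alias, cert);
        reload(trustStore);
    }

    // Every check is delegated to the real, store-backed manager; nothing is accepted unconditionally.
    @Override public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException {
        delegate.checkClientTrusted(chain, authType);
    }
    @Override public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {
        delegate.checkServerTrusted(chain, authType);
    }
    @Override public X509Certificate[] getAcceptedIssuers() { return delegate.getAcceptedIssuers(); }

    /** SSLContext bound to this wrapper; later reload() calls take effect for connections opened afterwards. */
    public SSLContext newSslContext() throws GeneralSecurityException {
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, new TrustManager[] { this }, null);
        return ctx;
    }
}
```

Connections already established before a reload keep the trust decision made at their handshake, so removing a host from the store only prevents new sessions with it.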